Thunderbolt port flaw could expose PCs to physical hacking

A security researcher says attackers could easily retrieve data within five minutes using portable hardware

A security researcher has revealed that attackers can steal data from Thunderbolt-equipped PCs, even if the device is locked.

The researcher, Björn Ruytenberg, notes that if someone gets physical access to your computer, they could easily retrieve data within five minutes using portable hardware.

Since the Thunderbolt port offers super fast transfer speeds by allowing direct access to the PC's memory, it is exposed to several flaws and vulnerabilities.

It was previously believed that risks could be alleviated if you disallowed access to untrusted devices. However, Ruytenberg notes that attackers could bypass this by changing the firmware that controls the port. By doing so, attackers could allow any device to access the computer.

Unfortunately, the owner of the PC would not know that their device had been compromised or altered in any way. Ruytenberg says that Apple computers running macOS won’t be impacted by the flaw, unless they are running Boot Camp.

Further, although Intel created a Thunderbolt security system that would prevent this type of attack, it is only available on computers manufactured in 2019 and beyond. Also, several Dell, HP and Lenovo computers are vulnerable. Interestingly, a recent Microsoft leak suggested that the tech giant didn’t include a Thunderbolt port on its Surface devices due to security concerns.

Ruytenberg told Wired that users should “avoid leaving your system unattended while powered on, even if screen-locked.” He stated that users should also avoid using sleep mode.

Since a lot of people around the world are working from home, this security vulnerability isn’t much of an issue right now, but it’s something to keep in mind once we return to work and take our laptops to coffee shops or libraries.

Source: Engadget, Wired 

Update 11/05/20 12:50pm: Intel provided MobileSyrup the following comment: “This attack could not be successfully demonstrated on Kernel DMA protection enabled systems. As always, we encourage everyone to follow good security practices, including preventing unauthorized physical access to computers.”
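
A check an administrator can run on a Linux machine follows. It is an added example, not code from Ruytenberg, Intel or MobileSyrup. It assumes the Linux kernel's Thunderbolt sysfs attributes `security` and `iommu_dma_protection`; the function name `tb_dma_report` and the verdict labels are made up for this example. Because the article says the device-approval setting can be bypassed through a firmware change, the verdict depends only on whether Kernel DMA protection is active, not on the configured security level.

```shell
#!/bin/sh
# Added example: per Thunderbolt domain, report the configured security level
# and whether Kernel DMA protection (IOMMU remapping) is active.
#
# Usage: tb_dma_report [SYSFS_DIR]
#   SYSFS_DIR defaults to /sys/bus/thunderbolt/devices (assumed Linux layout).
# Returns 0 if every domain has DMA protection, 1 if any domain does not,
# 2 if no Thunderbolt domain is found.
tb_dma_report() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    found=0
    status=0
    for dom in "$root"/domain*; do
        # An unmatched glob stays literal, so skip anything that is not a directory.
        [ -d "$dom" ] || continue
        found=1
        sec=unknown
        dma=unknown
        if [ -r "$dom/security" ]; then
            sec=$(cat "$dom/security")
        fi
        if [ -r "$dom/iommu_dma_protection" ]; then
            dma=$(cat "$dom/iommu_dma_protection")
        fi
        # The security level (none/user/secure/...) is reported for context only:
        # a level that requires device approval does not by itself mean the
        # port's DMA is remapped by the IOMMU.
        if [ "$dma" = "1" ]; then
            verdict=dma-remapped
        else
            verdict=exposed
            status=1
        fi
        printf '%s security=%s iommu_dma_protection=%s verdict=%s\n' \
            "${dom##*/}" "$sec" "$dma" "$verdict"
    done
    if [ "$found" -eq 0 ]; then
        return 2
    fi
    return "$status"
}
```

A machine that reports `security=secure` but `iommu_dma_protection=0` is still flagged as `exposed`, which is the case the researcher's advice about unattended and sleeping laptops applies to.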